Wednesday, 4 February 2015

Wi-Fi Router: protect wifi from hackers

IEEE 802.11 which denotes present day Wi-Fi communication mode is getting predominant importance. From complex wired local area network to Wi-Fi network, the complexities of installation and maintenance were reduced greatly. But such growth has its own inherit disadvantages. With Wi-Fi routers or Wi-Fi modems which stand as access points are susceptible to various challenges. With a simple Wi-Fi antenna and a network sniffer our present day Wi-Fi connections are vulnerable to attacks. The technology has developed to the extent that we can setup a simple Wi-Fi connection by turning USB Wi-Fi adapters as Wi-Fi access points. Hence, we have to adapt ourselves to present day security challenges.

Basic: 

First and foremost rule when it comes to Wi-Fi security is “No foolproof method” exists. When it comes to information security, no expert would guarantee with 100% safety. The modern day challenges not only rattle small and medium enterprises but also pull the pillars of multi-national companies. Recent attack on Sony over filming the movie “The Interview” is quite example of what present day information security has to transform.

With the advent of Wi-Fi compatible devices such as printers, scanners, fax machines, etc. we need to do a lot than to feel relax of the comfort the Wi-Fi connections provide. For instance, we have a Wi-Fi enabled security Camera in our apartment to monitor our rooms. A good attacker will have all eyes on our home if our Wi-Fi connections are compromised. The very security camera will pose imminent danger to us. It would have been a better scenario without the Wi-Fi security camera.

With more and more devices adapting to Wi-Fi integration, the need of security of our network started resonating vibrantly. If no foolproof method exists, better make it complicated for the dedicated hackers to gain access into our wireless networks.

Open Wi-Fi connections: 

With modern day computing, every home started adapting to Wi-Fi connections than the traditional wired connections. Even though, the internet access is provided with fiber optic cables, the internet connection is shared with multiple home computers through a Wi-Fi router. The ease of use and hassle free operation makes the Wi-Fi the preferred choice over the wired LAN.

The awful part of the story is people need comfort at the cost of security. The networking ignorant people put the Wi-Fi connection without any protections. An open Wi-Fi connection is walk in the park, even to a kid, to gain access to your network. So it would be wise to place encryption key in our Wi-Fi connection which will be cover in detail later.

Wi-Fi Router: 

Next common syndrome with Wi-Fi users is they never change username and password which come with router manual. The default user name & password of our Wi-Fi router to well known to the world. So anyone who knows the make and model can directly login into our Wi-Fi router configuration page. That’s enough to play havoc!
With access to heart of our Wi-Fi router they can sniff out any information which traverses through that router. Keep in mind; one can set a custom route to direct traffic from our network to the attacker sniffers to extract username and password, bank credentials and all.  So, the first part is to change the default username and password of the Wi-Fi router or modem whichever is in use.

Case Study: 

I was recently asked to inspect the network security of a company. The company was not too big but contained decent number of staff to run the business. The network consists of Wi-Fi router secured with encryption. The primary purpose of the Wi-Fi router is to transfer files between the server and work desk. The major complaint was the internet is unusually slow. The major part of employee work depends upon internet to send and receive classified accounts.

At inspection, nothing was unusual inside the network. Local file transfers were fine. But internet access was choked. On analysis, one unknown computer was connected through Wi-Fi which was downloading torrent files. On further study, the network was encrypted with weak password. A brute force dictionary attack was good enough to crack it. Then I tried to login to the Wi-Fi router, the pathetic router not even had a password to gain access to configuration pages. Such type of network little difficult to crack.

Encryption: 

It is always safe to ensure wireless communication is encrypted to avoid eavesdropping. And for good never prefer the obsolete WEP method. WEP were most susceptible to exploitation. It is wise choice to avoid the method in any part of the network.
The wise choice would be depend on the WPA-PSK if the Wi-Fi to be decided to use for personal networking. Keep a strong passphrase to avoid another intrusion. The best part of the network security is there is no foolproof method to protect the network. So, it is wise to make it difficult to get past the network authentication than to simply letting in the eavesdropper.

MAC address authentication: 

For modern day computing, MAC address authentication does much bad than good. It is one of the easiest ways to limit the number of connections to the Wi-Fi network. By creating a list of trusted stations, we can avoid other stations getting network access. But such method has its own limitation. Anybody who knows the MAC addresses of the trusted station, then the attacker could easily spoof the MAC to gain access to the network as trusted station. These kind of intrusion are least detected.


The other methods to safe guard Wi-Fi connections will be continued in other post.